Study, Analysis and Modeling of IP Multimedia systems on next generation networks providing mobile and fixed multimedia services

Not availabl

Designing and prototyping WebRTC and IMS integration using open source tools

WebRTC, or Web Real-time Communications, is a collection of web standards that detail the mechanisms, architectures and protocols that work together to deliver real-time multimedia services to the web browser. It represents a significant shift from the historical approach of using browser plugins, which over time, have proven cumbersome and problematic. Furthermore, it adopts various Internet standards in areas such as identity management, peer-to-peer connectivity, data exchange and media encoding, to provide a system that is truly open and interoperable. Given that WebRTC enables the delivery of multimedia content to any Internet Protocol (IP)-enabled device capable of hosting a web browser, this technology could potentially be used and deployed over millions of smartphones, tablets and personal computers worldwide. This service and device convergence remains an important goal of telecommunication network operators who seek to enable it through a converged network that is based on the IP Multimedia Subsystem (IMS). IMS is an IP-based subsystem that sits at the core of a modern telecommunication network and acts as the main routing substrate for media services and applications such as those that WebRTC realises. The combination of WebRTC and IMS represents an attractive coupling, and as such, a protracted investigation could help to answer important questions around the technical challenges that are involved in their integration, and the merits of various design alternatives that present themselves. This thesis is the result of such an investigation and culminates in the presentation of a detailed architectural model that is validated with a prototypical implementation in an open source testbed. The model is built on six requirements which emerge from an analysis of the literature, including previous interventions in IMS networks and a key technical report on design alternatives. Furthermore, this thesis argues that the client architecture requires support for web-oriented signalling, identity and call handling techniques leading to a potential for IMS networks to natively support these techniques as operator networks continue to grow and develop. The proposed model advocates the use of SIP over WebSockets for signalling and DTLS-SRTP for media to enable one-to-one communication and can be extended through additional functions resulting in a modular architecture. The model was implemented using open source tools which were assembled to create an experimental network testbed, and tests were conducted demonstrating successful cross domain communications under various conditions. The thesis has a strong focus on enabling ordinary software developers to assemble a prototypical network such as the one that was assembled and aims to enable experimentation in application use cases for integrated environments

Multimedia session continuity in the IP multimedia subsystem : investigation and testbed implementation

Includes bibliographical references (leaves 91-94).The advent of Internet Protocol (IP) based rich multimedia services and applications has seen rapid growth and adoption in recent years, with an equally increasing user base. Voice over IP (VoIP) and IP Television (IPTV) are key examples of services that are blurring the lines between traditional stove-pipe approach network infrastructures. In these, each service required a different network technology to be provisioned, and could only be accessed through a specific end user equipment (UE) technology. The move towards an all-IP core network infrastructure and the proliferation of multi-capability multi-interface user devices has spurred a convergence trend characterized by access to services and applications through any network, any device and anywhere

A Cross Domain Next Generation Network IPTV Client for Media Center environments

Functions, which can be summarized to the keyword Internet Protocol Television (IPTV) describe the transmission of video services to users via Internet Protocol (IP). Accompanying to this new television transmission path Home Theatre PCs (HTPC) running a so called Media Center platform are more and more entering the living rooms as a companion for the popular LCD and Plasma displays. Perfect ease of use and the visual integration on the screen and also into the living room is raising their acceptance. These HTPCs are a central node for multimedia services such as TV, radio and email within the networked household. Thus, there are good preconditions for the use of a HTPC as end device for Telco operator driven IPTV and telecommunication services. In the context of this diploma thesis possibilities for the provisioning of IPTV and Next Generation Network (NGN) services on a converged multimedia home entertainment platform for the living room will be investigated, especially Vista Media Center platforms. For this reason, standardization activities will be investigated, which deal with the integration of IPTV and telecommunication services into NGN. The validation of the results will be achieved by the design and implementation of a Vista Media Center Add-In, which can be integrated as an IP Multimedia Subsystem (IMS) based User Agent (UA) in ETSI TISPAN Release 2 IPTV infrastructures. Additionally, a Cross Domain messaging service for IMS based UA is created, which enables a cross-network communication between users

Interworking between WLAN and 3G Cellular Networks: An IMS Based Architecture

In this paper, a novel architecture for interworking of the Wireless Local Area Network (WLAN) and the Third Generation (3G) mobile cellular network is presented. This architecture is a hybrid model with additional controls compared with the existing architectures and the use of IP Multimedia Subsystem (IMS), as an arbitrator for coupling and real-time session management. Furthermore, a new networking entity called a mobility manager has been introduced within the IMS for seamless management of vertical handoffs. Efficient strategies for IP address distribution and bypassing high traffic loads form the cellular core network are other benefits of this architecture

INSTANT MESSAGING SPAM DETECTION IN LONG TERM EVOLUTION NETWORKS

The lack of efficient spam detection modules for packet data communication is resulting to increased threat exposure for the telecommunication network users and the service providers. In this thesis, we propose a novel approach to classify spam at the server side by intercepting packet-data communication among instant messaging applications. Spam detection is performed using machine learning techniques on packet headers and contents (if unencrypted) in two different phases: offline training and online classification. The contribution of this study is threefold. First, it identifies the scope of deploying a spam detection module in a state-of-the-art telecommunication architecture. Secondly, it compares the usefulness of various existing machine learning algorithms in order to intercept and classify data packets in near real-time communication of the instant messengers. Finally, it evaluates the accuracy and classification time of spam detection using our approach in a simulated environment of continuous packet data communication. Our research results are mainly generated by executing instances of a peer-to-peer instant messaging application prototype within a simulated Long Term Evolution (LTE) telecommunication network environment. This prototype is modeled and executed using OPNET network modeling and simulation tools. The research produces considerable knowledge on addressing unsolicited packet monitoring in instant messaging and similar applications

Secure Service Provisioning (SSP) Framework for IP Multimedia Subsystem (IMS)

Mit dem Erscheinen mobiler Multimediadienste, wie z. B. Unified Messaging, Click-to-Dial-Applikationen, netzwerkübergeifende Multimedia-Konferenzen und nahtlose Multimedia-Streming-Dienste, begann die Konvergenz von mobilen Kommunikationsetzen und Festnetzen, begleitet von der Integration von Sprach- und Datenkommunikations-Übertragungstechnik Diese Entwicklungen bilden die Voraussetzung für die Verschmelzung des modernen Internet auf der einen Seite mit der Telekommunikation im klassischen Sinne auf der anderen. Das IP Multimedia-Subsystem (IMS) darf hierbei als die entscheidende Next-Generation-Service-Delivery-Plattform in einer vereinheitlichten Kommunikationswelt angesehen werden. Seine Architektur basiert auf einem modularen Design mit offenen Schnittstellen und bietet dedizierte Voraussetzungen zur Unterstützung von Multimedia-Diensten auf der Grundlage der Internet-Protokolle. Einhergehend mit dieser aufkommenden offenen Technologie stellen sich neue Sicherheits-Herausforderungen in einer vielschichtigen Kommunikationsinfrastruktur, im Wesentlichen bestehend aus dem Internet Protokoll (IP), dem SIP-Protokoll (Session Initiation Protocol) und dem Real-time Transport Protokoll (RTP). Die Zielsetzung des Secure Service Provisioning-Systems (SSP) ist, mögliche Angriffsszenarien und Sicherheitslücken in Verbindung mit dem IP Multimedia Subsystem zu erforschen und Sicherheitslösungen, wie sie von IETF, 3GPP und TISPAN vorgeschlagen werden, zu evaluieren. Im Rahmen dieser Forschungsarbeit werden die Lösungen als Teil des SSP-Systems berücksichtigt, mit dem Ziel, dem IMS und der Next-Generation-SDP einen hinreichenden Schutz zu garantieren. Dieser Teil, der als Sicherheitsschutzstufe 1 bezeichnet wird, beinhaltet unter anderem Maßnahmen zur Nutzer- und Netzwerk-Authentifizierung, die Autorisierung der Nutzung von Multimediadiensten und Vorkehrungen zur Gewährleistung der Geheimhaltung und Integrität von Daten im Zusammenhang mit dem Schutz vor Lauschangriffen, Session-Hijacking- und Man-in-the-Middle-Angriffen. Im nächsten Schritt werden die Beschränkungen untersucht, die für die Sicherheitsschutzstufe 1 charakteristisch sind und Maßnahmen zu Verbesserung des Sicherheitsschutzes entwickelt. Die entsprechenden Erweiterungen der Sicherheitsschutzstufe 1 führen zu einem Intrusion Detection and Prevention-System (IDP), das Schutz vor Denial-of-Service- (DoS) / Distributed-Denial-of-Service (DDoS)-Angriffen, missbräuchlicher Nutzung und Täuschungsversuchen in IMS-basierten Netzwerken bietet. Weder 3GPP noch TISPAN haben bisher Lösungen für diesen Bereich spezifiziert. In diesem Zusammenhang können die beschriebenen Forschungs- und Entwicklungsarbeiten einen Beitrag zur Standardisierung von Lösungen zum Schutz vor DoS- und DDoS-Angriffen in IMS-Netzwerken leisten. Der hier beschriebene Ansatz basiert auf der Entwicklung eines (stateful / stateless) Systems zur Erkennung und Verhinderung von Einbruchsversuchen (Intrusion Detection and Prevention System). Aus Entwicklungssicht wurde das IDP in zwei Module aufgeteilt: Das erste Modul beinhaltet die Basisfunktionen des IDP, die sich auf Flooding-Angriffe auf das IMS und ihre Kompensation richten. Ihr Ziel ist es, das IMS-Core-Netzwerk und die IMS-Ressourcen vor DoS- und DDoS-Angriffen zu schützen. Das entsprechende Modul basiert auf einer Online Stateless-Detection-Methodologie und wird aktiv, sobald die CPU-Auslastung der P-CSCF (Proxy-Call State Control Function) einen vordefinierten Grenzwert erreicht oder überschreitet. Das zweite Modul (IDP-AS) hat die Aufgabe, Angriffe, die sich gegen IMS Application Server (AS) richten abzufangen. Hierbei konzentrieren sich die Maßnahmen auf den Schutz des ISC-Interfaces zwischen IMS Core und Application Servern. Das betreffende Modul realisiert eine Stateful Detection Methodologie zur Erkennung missbräuchlicher Nutzungsaktivitäten. Während der Nutzer mit dem Application Server kommuniziert, werden dabei nutzerspezifische Zustandsdaten aufgezeichnet, die zur Prüfung der Legitimität herangezogen werden. Das IDP-AS prüft alle eingehenden Requests und alle abgehenden Responses, die von IMS Application Servern stammen oder die an IMS Application Server gerichtet sind, auf ihre Zulässigkeit im Hinblick auf die definierten Attack Rules. Mit Hilfe der Kriterien Fehlerfreiheit und Processing Delay bei der Identifikation potenzieller Angriffe wird die Leistungsfähigkeit der IDP-Module bewertet. Für die entsprechenden Referenzwerte werden hierbei die Zustände Nomallast und Überlast verglichen. Falls die Leistungsfähigkeit des IDP nicht unter den Erwartungen zurückbleibt, wird ein IDP-Prototyp zur Evaluation im Open IMS Playground des Fokus Fraunhofer 3Gb-Testbeds eingesetzt, um unter realen Einsatzbedingungen z. B. in VoIP-, Videokonferenz- , IPTV-, Presence- und Push-to-Talk-Szenarien getestet werden zu können.With the emergence of mobile multimedia services, such as unified messaging, click to dial, cross network multiparty conferencing and seamless multimedia streaming services, the fixed–mobile convergence and voice–data integration has started, leading to an overall Internet–Telecommunications merger. The IP Multimedia Subsystem (IMS) is considered as the next generation service delivery platform in the converged communication world. It consists of modular design with open interfaces and enables the flexibility for providing multimedia services over IP technology. In parallel this open based emerging technology has security challenges from multiple communication platforms and protocols like IP, Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP). The objective of Secure Service Provisioning (SSP) Framework is to cram the potential attacks and security threats to IP Multimedia Subsystem (IMS) and to explore security solutions developed by IETF, 3GPP and TISPAN. This research work incorporates these solutions into SSP Framework to secure IMS and next generation Service Delivery Platform (SDP). We define this part as level 1 security protection which includes user and network authentication, authorization to access multimedia services, providing confidentiality and integrity protection etc. against eavesdropping, session hijacking and man-in-the middle attacks etc. In the next step, we have investigated the limitations and improvements to level 1 security and proposed the enhancement and extension as level 2 security by developing Intrusion Detection and Prevention (IDP) system against Denial-of-Service (DoS)/Distributed DoS (DDoS) flooding attacks, misuses and frauds in IMS-based networks. These security threats recently have been identified by 3GPP and TISPAN but no solution is recommended and developed. Therefore our solution may be considered as recommendation in future. Our approach based on developing both stateless and stateful intrusion detection and prevention system. From development point of view, we have divided the work into two modules: the first module is IDP-Core; addressing and mitigating the flooding attacks in IMS core. Its objective is to protect the IMS resources and IMS-core entities from DoS/DDoS flooding attacks. This module based on online stateless detection methodology and activates when CPU processing load of P-CSCF (Proxy-Call State Control Function) reaches or crosses the defined threshold limit. The second module is IDP-AS; addressing and mitigating the misuse attacks facing to IMS Application Servers (AS). Its focus is to secure the ISC interface between IMS Core and Application Servers. This module is based on stateful misuse detection methodology by creating and comparing user state (partner) when he/she is communicating with application server to check whether user is performing legitimate or illegitimate action with attacks rules. The IDP-AS also compared the incoming request and outgoing response to and from IMS Application Servers with the defined attacks rules. In the performance analysis, the processing delay and attacks detection accuracy of both Intrusion Detection and Prevention (IDP) modules have been measured at Fraunhofer FOKUS IMS Testbed which is developed for research purpose. The performance evaluation based on normal and overload conditions scenarios. The results showed that the processing delay introduced by both IDP modules satisfied the standard requirements and did not cause retransmission of SIP REGISTER and INVITE requests. The developed prototype is under testing phase at Fraunhofer FOKUS 3Gb Testbed for evaluation in real world communication scenarios like VoIP, video conferencing, IPTV, presence, push-to-talk etc

Cloud Based IP Multimedia Subsystem (IMS) Architecture to Integrate Vehicular Ad Hoc Network (VANET) and IMS

RÉSUMÉ Les réseaux Ad Hoc véhiculaires (VANET) représentent une technologie spéciale, dans la catégorie des réseaux ad hoc sans fils. Ils visent la sécurité routière, une plus grande efficacité et une meilleure organisation au sein des systèmes de transport. Ils favorisent l’avènement de nouvelles applications relatives à l’ingénierie, la gestion de trafic, la dissémination d’informations d’urgence pour éviter les situations critiques, le confort et le divertissement, ainsi que plusieurs autres «applications utilisateur». Le sous-système multimédia IP (IP Multimedia Subsystem, IMS), a été standardisé par le projet «Third Generation Partnership Project» (3GPP) pour les réseaux hétérogènes avec un support de la qualité de service. Cette plateforme a été proposée dans le but d’offrir aux utilisateurs finaux des services multimédia tels que la voix, les données et la vidéo, la facturation ainsi que l’intégration des services tout-IP. Avec l’avènement de IMS, il est désirable d’offrir aux utilisateurs des réseaux véhiculaires (VANET), un accès aux services de ce sous-système. Cependant, les caractéristiques de ces réseaux posent des difficultés majeures pour le contrôle des performances des services IMS. Par ailleurs, le «réseau cœur » de IMS présente aussi des limitations telles que le contrôle centralisé, la faible efficacité et une faible évolutivité au niveau des équipements du réseau cœur en comparaison aux infrastructures de réseau utilisant le Cloud Computing. Le Cloud Computing est un nouveau paradigme des technologies de l’information, offrant des ressources extensibles dynamiquement, souvent au moyen de machines virtuelles et accessibles en tant que services sur Internet. La migration de l’IMS au sein du Cloud peut permettre d’améliorer les performances de l’infrastructure IMS. Ce projet propose une architecture novatrice d’intégration des réseaux VANET, IMS et le Cloud Computing.----------ABSTRACT Vehicular Ad Hoc network (VANET) is a special technology in wireless ad hoc networks. It can be used to provide road safety, efficiency and traffic organization in transportation system. Thus, new applications arise in several fields such as traffic engineering, traffic management, dissemination of emergency information in order to avoid critical situations, comfort, entertainment and other user applications. IP multimedia Subsystem (IMS) is a subsystem, standardized with Third Generation Partnership Project (3GPP). The IMS supports heterogeneous networking with Quality-of-Service (QoS) policy. The goal of this platform is to integrate All-IP services and to provide final user with multimedia services such as voice, data and video with appropriate billing mechanisms. With the advent of the IP Multimedia Subsystem, it is desirable to provide VANET end-users with IMS services. However, characteristics of VANET cause major challenges to control the performance of IMS services. On the other hand, the traditional IMS core network faces a set of problems such as centralized control, low efficiency and poor scalability of core equipment, compared with the IT environment using Cloud Computing. Cloud Computing is an emerging paradigm in the field of information technology. In this new paradigm, dynamically scalable and often virtualized resources are provided as services over the Internet. The migration of IMS to cloud can improve its performance. This project proposes an innovative architecture in order to integrate VANET, IMS and Cloud Computing

Contributions to presence-based systems for deploying ubiquitous communication services

Next-Generation Networks (NGNs) will converge the existing fixed and wireless networks. These networks rely on the IMS (IP Multimedia Subsystem), introduced by the 3GPP. The presence service came into being in instant messaging applications. A user¿s presence information consists in any context that is necessary for applications to handle and adapt the user's communications. The presence service is crucial in the IMS to deploy ubiquitous services. SIMPLE is the standard protocol for handling presence and instant messages. This protocol disseminates users' presence information through subscriptions, notifications and publications. SIMPLE generates much signaling traffic for constantly disseminating presence information and maintaining subscriptions, which may overload network servers. This issue is even more harmful to the IMS due to its centralized servers. A key factor in the success of NGNs is to provide users with always-on services that are seamlessly part of their daily life. Personalizing these services according to the users' needs is necessary for the success of these services. To this end, presence information is considered as a crucial tool for user-based personalization. This thesis can be briefly summarized through the following contributions: We propose filtering and controlling the rate of presence publications so as to reduce the information sent over access links. We probabilistically model presence information through Markov chains, and analyzed the efficiency of controlling the rate of publications that are modeled by a particular Markov chain. The reported results show that this technique certainly reduces presence overload. We mathematically study the amount of presence traffic exchanged between domains, and analyze the efficiency of several strategies for reducing this traffic. We propose an strategy, which we call Common Subscribe (CS), for reducing the presence traffic exchanged between federated domains. We compare this strategy traffic with that generated by other optimizations. The reported results show that CS is the most efficient at reducing presence traffic. We analyze the load in the number of messages that several inter-domain traffic optimizations cause to the IMS centralized servers. Our proposed strategy, CS, combined with an RLS (i.e., a SIMPLE optimization) is the only optimization that reduces the IMS load; the others increase this load. We estimate the efficiency of the RLS, thereby concluding that the RLS is not efficient under certain circumstances, and hence this optimization is discouraged. We propose a queuing system for optimizing presence traffic on both the network core and access link, which is capable to adapt the publication and notification rate based on some quality conditions (e.g, maximum delay). We probabilistically model this system, and validate it in different scenarios. We propose, and implement a prototype of, a fully-distributed platform for handling user presence information. This approach allows integrating Internet Services, such as HTTP or VoIP, and optimizing these services in an easy, user-personalized way. We have developed SECE (Sense Everything, Control Everything), a platform for users to create rules that handle their communications and Internet Services proactively. SECE interacts with multiple third-party services for obtaining as much user context as possible. We have developed a natural-English-like formal language for SECE rules. We have enhanced SECE for discovering web services automatically through the Web Ontology Language (OWL). SECE allows composing web services automatically based on real-world events, which is a significant contribution to the Semantic Web. The research presented in this thesis has been published through 3 book chapters, 4 international journals (3 of them are indexed in JCR), 10 international conference papers, 1 demonstration at an international conference, and 1 national conferenceNext-Generation Networks (NGNs) son las redes de próxima generación que soportaran la convergencia de redes de telecomunicación inalámbricas y fijas. La base de NGNs es el IMS (IP Multimedia Subsystem), introducido por el 3GPP. El servicio de presencia nació de aplicaciones de mesajería instantánea. La información de presencia de un usuario consiste en cualquier tipo de información que es de utilidad para manejar las comunicaciones con el usuario. El servicio de presencia es una parte esencial del IMS para el despliegue de servicios ubicuos. SIMPLE es el protocolo estándar para manejar presencia y mensajes instantáneos en el IMS. Este protocolo distribuye la información de presencia de los usuarios a través de suscripciones, notificaciones y publicaciones. SIMPLE genera mucho tráfico por la diseminación constante de información de presencia y el mantenimiento de las suscripciones, lo cual puede saturar los servidores de red. Este problema es todavía más perjudicial en el IMS, debido al carácter centralizado de sus servidores. Un factor clave en el éxito de NGNs es proporcionar a los usuarios servicios ubicuos que esten integrados en su vida diaria y asi interactúen con los usuarios constantemente. La personalización de estos servicios basado en los usuarios es imprescindible para el éxito de los mismos. Para este fin, la información de presencia es considerada como una herramienta base. La tesis realizada se puede resumir brevemente en los siguientes contribuciones: Proponemos filtrar y controlar el ratio de las publicaciones de presencia para reducir la cantidad de información enviada en la red de acceso. Modelamos la información de presencia probabilísticamente mediante cadenas de Markov, y analizamos la eficiencia de controlar el ratio de publicaciones con una cadena de Markov. Los resultados muestran que este mecanismo puede efectivamente reducir el tráfico de presencia. Estudiamos matemáticamente la cantidad de tráfico de presencia generada entre dominios y analizamos el rendimiento de tres estrategias para reducir este tráfico. Proponemos una estrategia, la cual llamamos Common Subscribe (CS), para reducir el tráfico de presencia entre dominios federados. Comparamos el tráfico generado por CS frente a otras estrategias de optimización. Los resultados de este análisis muestran que CS es la estrategia más efectiva. Analizamos la carga en numero de mensajes introducida por diferentes optimizaciones de tráfico de presencia en los servidores centralizados del IMS. Nuestra propuesta, CS, combinada con un RLS (i.e, una optimización de SIMPLE), es la unica optimización que reduce la carga en el IMS. Estimamos la eficiencia del RLS, deduciendo que un RLS no es eficiente en ciertas circunstancias, en las que es preferible no usar esta optimización. Proponemos un sistema de colas para optimizar el tráfico de presencia tanto en el núcleo de red como en la red de acceso, y que puede adaptar el ratio de publicación y notificación en base a varios parametros de calidad (e.g., maximo retraso). Modelamos y analizamos este sistema de colas probabilísticamente en diferentes escenarios. Proponemos una arquitectura totalmente distribuida para manejar las información de presencia del usuario, de la cual hemos implementado un prototipo. Esta propuesta permite la integracion sencilla y personalizada al usuario de servicios de Internet, como HTTP o VoIP, asi como la optimizacón de estos servicios. Hemos desarrollado SECE (Sense Everything, Control Everything), una plataforma donde los usuarios pueden crear reglas para manejar todas sus comunicaciones y servicios de Internet de forma proactiva. SECE interactúa con una multitud de servicios para conseguir todo el contexto possible del usuario. Hemos desarollado un lenguaje formal que parace como Ingles natural para que los usuarios puedan crear sus reglas. Hemos mejorado SECE para descubrir servicios web automaticamente a través del lenguaje OWL (Web Ontology Language)